simplify var

secrets.nix

@@ -1,9 +1,10 @@
 let
   pkgs = import <nixpkgs> { };
   inherit (pkgs) lib;
-  ssh-keys = (import ./var { inherit lib; }).ssh-keys;
+  var = import ./var { inherit lib; };
+  ssh-keys = var.ssh-keys;
   keys = ssh-keys.root;
-  trusted-keys = ssh-keys.trusted-root;
+  trusted-keys = ssh-keys.desktops.root;
   secrets = [
     "hd-password"
     "roam/firefox-sync-secret"
@@ -17,16 +18,14 @@ let
     # Can only be decrypted by clients
     "syncthing-password"
   ];
-  mkSecrets =
-    keys: secrets: lib.mergeAttrsList (map (x: { "secrets/${x}.age".publicKeys = keys; }) secrets);
-  syncthingManagedClients = (lib.importJSON ./var/syncthing-managed-clients.json).managed_clients;
+  mkSecrets = k: s: lib.mergeAttrsList (map (x: { "secrets/${x}.age".publicKeys = k; }) s);
   mkSyncthingSecret = client: {
     "secrets/syncthing/${client}.age".publicKeys = [ ssh-keys.by-host.root.${client} ];
   };
-  syncthingSecrets = lib.mergeAttrsList (map mkSyncthingSecret syncthingManagedClients);
+  syncthingSecrets = lib.mergeAttrsList (map mkSyncthingSecret (lib.attrNames var.syncthing.managed));
 in
-lib.mergeAttrsList ([
+lib.mergeAttrsList [
   (mkSecrets keys secrets)
   (mkSecrets trusted-keys trusted-secrets)
-  (syncthingSecrets)
-])
+  syncthingSecrets
+]